Hijack This Log / Panda Scan

daddy_ray

Guys... I've been hosed!!! My #&^% is torn up. Please review and assist in any way possible. Win 98 SE, P4 2.8, 1 GB PC3200, Radeon 9200. Review and assist... Also having trouble booting up in safe mode. Also, I am running Iopus Starr PC Monitor, so ignore that; however, I have noticed that I have Ispynow running also... That is not by choice! Thanks, Ray

Logfile of HijackThis v1.99.1
Scan saved at 07:30:32 PM, on 4/23/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\WSYS.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SBC SELF SUPPORT TOOL\SMARTBRIDGE\MOTIVESB.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\PROGRAM FILES\ANTI-SPYWARE BLOCKER\ANTI-VIRUS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNET.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\ptktzkxk.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_02.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\ptktzkxk.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~3\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\TOOLS\IESDSG.DLL
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\DLMAX.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\GRISOFT\AVG7\AVGREGCL.EXE /BOOT
O4 - HKLM\..\RunServices: [windll] C:\WINDOWS\SYSTEM\wsys.exe
O4 - HKLM\..\RunServices: [avgamsvr.exe] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - Startup: Anti-Spyware Blocker.lnk = C:\Program Files\Anti-Spyware Blocker\Anti-Virus.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\TOOLS\IESDPB.DLL
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {01020304-0506-0708-090A-0B0C0D0E0F08} - http://messenger.yahoo.com/maintenance/patch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

PANDA SCAN 04-23-05

Adware:Adware/Transponder No disinfected C:\WINDOWS\DLMAX.DLL
Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/nCase No disinfected C:\Temp\FLEOK
Spyware:Spyware/BetterInet No disinfected Windows Registry
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\bsx32
Adware:Adware/AdDestroyer No disinfected C:\WINDOWS\All Users\Application Data\AdDestroyer
Adware:Adware/IPInsight No disinfected C:\WINDOWS\farmmext.ini
Adware:Adware/NavHelper No disinfected C:\Program Files\Ares
Spyware:Spyware/LZIO-Media No disinfected C:\WINDOWS\io2uns.exe
Adware:Adware/WUpd No disinfected Windows Registry
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Favorites\Casino & Carrers
Adware:Adware/HuntBar No disinfected C:\WINDOWS\SYSTEM\EDOW_AS2.EXE
Adware:Adware/Beginto No disinfected C:\WINDOWS\SYSTEM\NSM10D0.DLL
Adware:Adware/Transponder No disinfected C:\WINDOWS\dlmax.dll
Adware:Adware/Pacimedia No disinfected C:\WINDOWS\SYSTEM\pacis.exe
Adware:Adware/eZula No disinfected C:\WINDOWS\SYSTEM\topsys.exe
Adware:Adware/Beginto No disinfected C:\WINDOWS\SYSTEM\nsm10D0.dll
Adware:Adware/HuntBar No disinfected C:\WINDOWS\SYSTEM\EDow_AS2.exe
Adware:Adware/Apropos No disinfected C:\WINDOWS\SYSTEM\cxtpls_loader.exe
Adware:Adware/StartPage.DD No disinfected C:\WINDOWS\SYSTEM\temperror32.dat
Adware:Adware/Transponder No disinfected C:\WINDOWS\INF\PYNIX.INF
Adware:Adware/Transponder No disinfected C:\WINDOWS\INF\DLMAX.INF
Adware:Adware/Transponder No disinfected C:\WINDOWS\DLMAX.DLL
Adware:Adware/WUpd No disinfected C:\Program Files\Hijack This\backups\backup-20041014-203655-511.inf
Adware:Adware/Transponder No disinfected C:\Program Files\Hijack This\backups\backup-20050419-190921-532.dll
Adware:Adware/Transponder No disinfected C:\Program Files\Hijack This\backups\backup-20050420-192839-370.dll


Spyware:Spyware/pcAudit No disinfected C:\My Downloads\pcaudit.exe
Adware:Adware/HuntBar No disinfected C:\NULL
 
Run HiJackThis then:

1. Click "Config..."
2. Click "Misc Tools"
3. Click "Open Process manager"

-

Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

C:\WINDOWS\SYSTEM\WSYS.EXE

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.

===============

Now, let's open a command prompt and unregister the dll(s) we're going to remove, by entering the following:

regsvr32 /u DLMAX.DLL

It's ok if these aren't found or 'error' out. If you want, just copy and paste the individual lines into the command prompt to save on the typing.

===============

Run HiJackThis and click "Scan", then check(tick) the following, if present:


O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\DLMAX.DLL

O4 - HKLM\..\RunServices: [windll] C:\WINDOWS\SYSTEM\wsys.exe


Now, with all windows closed except HiJackThis, click "Fix checked".

===============


When you're done, rescan your system and make sure the following isn't present:

N3 - Netscape ... 5CSBWeb_01.src (or) 5CSBWeb_02.src

If it is, then fix that entry again; sometimes it'll take more than one pass. The actual entry is ok and won't be deleted; it's the java wrapper marked in red that needs to be removed.

===============

Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:

files...

C:\WINDOWS\SYSTEM\WSYS.EXE
C:\WINDOWS\DLMAX.DLL
C:\Program Files\Hijack This\backups\backup-20050420-192839-370.dll << This file
C:\Program Files\Hijack This\backups\backup-20050419-190921-532.dll << This file
C:\WINDOWS\DLMAX.DLL << This file
C:\WINDOWS\SYSTEM\cxtpls_loader.exe << This file
C:\WINDOWS\SYSTEM\EDow_AS2.exe << This file
C:\WINDOWS\SYSTEM\nsm10D0.dll << This file
C:\WINDOWS\SYSTEM\topsys.exe << This file
C:\WINDOWS\SYSTEM\pacis.exe << This file
C:\WINDOWS\dlmax.dll << This file
C:\WINDOWS\SYSTEM\NSM10D0.DLL << This file
C:\WINDOWS\SYSTEM\EDOW_AS2.EXE << This file
C:\WINDOWS\io2uns.exe << This file


folders...
C:\Temp\FLEOK
C:\WINDOWS\bsx32
C:\WINDOWS\All Users\Application Data\AdDestroyer
C:\WINDOWS\Favorites\Casino & Carrers
C:\Program Files\Ares


Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".

===============

Post back a new log, and let me know how everything goes.

-

Lobos.
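The cross-referencing Lobos does by hand above (matching the Panda detections against the HijackThis process list and the O2/O4 entries, then deciding what to kill, unregister, "Fix checked", and delete) as an added Python example. This is not code from the original thread, from HijackThis or from Panda; the two input strings are constructed from excerpts of the log and scan posted above, and the `extra_suspects` argument stands in for the analyst's own judgement (wsys.exe was not in the Panda output but was flagged from its RunServices entry). Matching is on case-folded file names because HijackThis prints 8.3 short paths while Panda prints long ones.

```python
# Build a removal plan from a HijackThis 1.99 log plus Panda ActiveScan output.
import re
from typing import Dict, Iterable, List

# Constructed sample: a subset of the HijackThis log posted above.
HJT_LOG = r"""Running processes:
C:\WINDOWS\SYSTEM\WSYS.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\WINDOWS\EXPLORER.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\DLMAX.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\RunServices: [windll] C:\WINDOWS\SYSTEM\wsys.exe
O4 - Startup: Anti-Spyware Blocker.lnk = C:\Program Files\Anti-Spyware Blocker\Anti-Virus.exe
"""
# Constructed sample: a subset of the Panda scan posted above.
PANDA_SCAN = r"""Adware:Adware/Transponder No disinfected C:\WINDOWS\DLMAX.DLL
Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/nCase No disinfected C:\Temp\FLEOK
Adware:Adware/eZula No disinfected C:\WINDOWS\SYSTEM\topsys.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\dlmax.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Favorites\Casino & Carrers
Adware:Adware/Transponder No disinfected C:\Program Files\Hijack This\backups\backup-20050419-190921-532.dll
"""
ENTRY_RE = re.compile(r"^([RNOF]\d+) - ")                    # R1, N3, O2, O4, O16 ...
# First drive-letter path on the line ending in a loadable extension. The lazy
# match stops at the extension, so "/STARTUP"-style arguments are dropped while
# long names with spaces (C:\Program Files\...) are kept whole.
PATH_RE = re.compile(r"([A-Za-z]:\\.+?\.(?:exe|dll|com|ocx|vxd|scr))(?=\s|$)", re.IGNORECASE)
PANDA_RE = re.compile(r"^(?P<name>\S+)\s+No disinfected\s+(?P<where>.+?)\s*$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


def basename(path: str) -> str:
    """Case-folded last path component; HJT uses 8.3 names, Panda long names."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_hjt(text: str) -> Dict[str, list]:
    processes, entries, in_procs = [], [], False
    for line in (l.strip() for l in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:                        # blank line ends the process list
            in_procs = False
        elif in_procs:
            processes.append(line)
        elif ENTRY_RE.match(line):
            pm = PATH_RE.search(line)
            entries.append({"section": line.split(" ", 1)[0], "line": line,
                            "path": pm.group(1) if pm else None})
    return {"processes": processes, "entries": entries}


def parse_panda(text: str) -> Dict[str, list]:
    out: Dict[str, list] = {"files": [], "folders": [], "registry": []}
    for m in filter(None, map(PANDA_RE.match, text.splitlines())):
        where = m.group("where")
        if not DRIVE_RE.match(where):
            out["registry"].append(m.group("name"))    # registry-only detection
        elif "." in where.rsplit("\\", 1)[-1]:        # last component has an extension
            out["files"].append(where)
        else:
            out["folders"].append(where)
    return out


def dedupe(paths: Iterable[str]) -> List[str]:
    """Drop case-insensitive duplicates (DLMAX.DLL vs dlmax.dll), keeping order."""
    seen: set = set()
    return [p for p in paths if not (p.lower() in seen or seen.add(p.lower()))]


def build_plan(hjt: Dict[str, list], panda: Dict[str, list],
               extra_suspects: Iterable[str] = ()) -> Dict[str, list]:
    """extra_suspects: file names the analyst flags that the scanner did not."""
    suspects = {basename(p) for p in panda["files"]} | {s.lower() for s in extra_suspects}
    kill = [p for p in hjt["processes"] if basename(p) in suspects]
    fix, unregister, extra_files = [], [], []
    for e in hjt["entries"]:
        if e["path"] is None or basename(e["path"]) not in suspects:
            continue
        fix.append(e["line"])                 # entries to tick for "Fix checked"
        if e["section"] == "O2":              # BHO DLL: unregister before deleting
            unregister.append(e["path"])
        extra_files.append(e["path"])         # HJT may name files Panda did not
    return {"kill": kill,
            "unregister": ["regsvr32 /u " + p for p in unregister],
            "fix": fix,
            "delete_files": dedupe(panda["files"] + extra_files),
            "delete_folders": dedupe(panda["folders"]),
            "registry_only": panda["registry"]}


if __name__ == "__main__":
    plan = build_plan(parse_hjt(HJT_LOG), parse_panda(PANDA_SCAN), extra_suspects=["wsys.exe"])
    for step, items in plan.items():
        print(step.upper(), *items, sep="\n    ")
```

The plan comes out in the same order as the instructions above: kill, unregister, fix, then delete. Note that it lists the HijackThis backups folder DLLs for deletion too, which is why Panda keeps finding Transponder after a "Fix": HijackThis keeps a copy of what it removed. Registry-only detections (SaveNow here) are reported separately because nothing in the log identifies the keys to remove.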
 
I can't boot up in safe mode. I get this error: While initializing device VFBACKUP: VFBACKUP could not load VFD.VXD. Please run setup again. What does that mean, and have you seen this before? It boots up fine in normal mode.

Thanks, Ray
 
Also, I can't delete DLMAX.DLL in normal mode because it says that program is running, which was probably obvious.
 
Used the link you sent and used SFC to restore the vfbackup.vxd file into the windows\system folder. I then rebooted and still get the same error when trying to go to safe mode. Question: I restored the file, but do I have to do anything else after that before it will work... like enable it? Thanks, Ray
 
Remove entries at your own risk

C:\WINDOWS\SYSTEM\WSYS.EXE (WSYS.EXE)
STARR key logger. "It logs almost everything that goes through the box. It logs all key strokes, all passwords transacted even if they weren't keyed in, all web sites visited, every program launched including the path to that program, and more"

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
This entry is possibly nasty. Should be fixed.

Spyware:Spyware/LZIO-Media No disinfected C:\WINDOWS\io2uns.exe
Unknown running process. (io2uns.exe)
This is an unknown process.

Adware:Adware/HuntBar No disinfected C:\WINDOWS\SYSTEM\EDOW_AS2.EXE
Unknown running process. (EDOW_AS2.EXE)
This is an unknown process.

Adware:Adware/Pacimedia No disinfected C:\WINDOWS\SYSTEM\pacis.exe
Unknown running process. (pacis.exe)
This is an unknown process.

Adware:Adware/eZula No disinfected C:\WINDOWS\SYSTEM\topsys.exe
Unknown running process. (topsys.exe)
This is an unknown process.

Adware:Adware/HuntBar No disinfected C:\WINDOWS\SYSTEM\EDow_AS2.exe
Unknown running process. (EDow_AS2.exe)
This is an unknown process.

Adware:Adware/Apropos No disinfected C:\WINDOWS\SYSTEM\cxtpls_loader.exe
 